VTS22-015 - Hotfix for Security Advisory impacting NetBackup 10.0.0.1 Clients(Etrack 4093375)

Translation Notice

Please note that this content includes text that has been machine-translated from English. Veritas does not guarantee the accuracy regarding the completeness of the translation. You may also refer to the English Version of this knowledge base article for up-to-date information.

VTS22-015 - Hotfix for Security Advisory impacting NetBackup 10.0.0.1 Clients(Etrack 4093375)

HotFix Critical

Update ID: UPD441509

Version: 10.0.0.1

Platform: Cross-platform

Release date: 2022-11-15

Abstract

VTS22-015 - Security Advisory impacting NetBackup 10.0.0.1 Clients

Description

Veritas Bug ID: ET 4093375

Issue: VTS22-015 - Security Advisory impacting NetBackup 10.0.0.1 Clients

Version: NetBackup 10.0.0.1

Problem Description: VTS22-015 - Security Advisory impacting NetBackup 10.0.0.1 Clients

Problem Details and Fix: The /usr/openv/java/auth.conf file grants access to functions in the NetBackup Administration Console. This file is created by default with only root having admin rights. This file is present on Primary Servers, Media Servers and Clients.
Unless this file is modified to add non-root users to it to allow those users to manage Primary servers or a Media servers or Clients, the environment is NOT vulnerable, and the fix is not required.

This applies to NetBackup Appliance, Flex appliance, and NetBackup Flex Scale as well if auth.conf is modified on those appliances/instances. Again, with the default non-modified auth.conf, the environment is NOT vulnerable.

The fix updates the vulnerable bpjava binary on the machine the Java Admin UI console connects to.
For more details about auth.conf please see: https://www.veritas.com/content/support/en_US/doc/21733320-149123528-0/v41641695-149123528

Note this affects only Unix-based servers and clients. Windows-based servers and clients are unaffected.

Installation Requires: Close all the JAVA GUI instances connected to the master server before installing the EEB.

Install on: Client

Using the NetBackup Emergency Engineering Binary (EEB) installer
https://www.veritas.com/docs/100019405

How to install client EEB's with VxUpdate
https://www.veritas.com/content/support/en_US/doc/125240132-131571482-0/v130876036-131571482

How to Add a VxUpdate file (SJA) to a Flex-based NetBackup Primary Server (veritas.com)
https://www.veritas.com/content/support/en_US/article.100053208

VTS22-015 Advisory Link
https://www.veritas.com/content/support/en_US/security/VTS22-015

Downloads:
NB_10.0.0.1_ET4093375_1.zip
NB_10_0_0_1_ET4093375_1_README.pdf

Applies to the following product releases

NetBackup 10.0.0.1

Release date: 2022-06-27

End of standard support: 2025-03-28

Sustaining support starts: 2027-03-28

End of support life: 2028-03-28

Update files

	File name	Description	Version	Platform	Size

Choose an account to download the files you selected.